Skip to main content

Mon, Jun 13, 2016 5:45 AM

Answered

Active Directory thru ZD Captive Portal vs 802.1x

I'm trying to setup a WLAN for a customer where its employees can connect to the WLAN and authenticate using their Active Directory account. Is it better if I use 802.1x (FreeRADIUS) or just use ZD's built in Captive Portal (Web Authentication)? What are the advantages of using 802.1x? Setting up FreeRADIUS is a bit of a hassle.

By the way, can devices that are not joined to their domain connect to the WLAN either via the two options?

Responses

Brand User

Former Employee

 • 

2.6K Messages

 • 

44.8K Points

4 years ago

If you use Standard WLAN with 802.1x, you will need RADIUS in front of AD.
You can use ZD's Guest Access type WLAN, with direct AD authenticiation.

37 Messages

 • 

592 Points

4 years ago

I configured an open WLAN using Standard type (no encryption) and the option for Web Authentication and Authentication Server are configurable (drop down menu) and our customer successfully authenticated using their AD account. This should be fine, right? Or is this less secure than AD via 802.1x authentication?
Brand User

Former Employee

 • 

2.6K Messages

 • 

44.8K Points

Congratulations, you have AD authenticated access thru our internal web portal.

Using 802.1x with a RADIUS front-end to the AD user/pw db, can exchange some Vendor Specific Attributes,
if you wanted to change VLANs from the one you've setup for this WLAN now, for example.  OTW, you have
a secure authentication required wireless network access solution.

222 Messages

 • 

3.6K Points

Just keep in mind that as you are not using 802.1X or a PSK this data is not encrypted and is the same as using an open hotspot SSID all you're doing is using AD to authenticate.

37 Messages

 • 

592 Points

That's what I am concerned right now. I'm already checking FreeRADIUS guides on where to configure AD. I just know where to enter the ZD IP on FreeRADIUS so far.

37 Messages

 • 

592 Points

By the way, since this is a first for me (configuring 802.1x as authentication), does encryption apply automatically to the credentials only or the whole frame/data traffic? I don't need to configure anything else on RADIUS but ZD IP and external AAA server like AD? I think I can't use ZD's Captive Portal if on 802.1x, right? I have to provide that separately?